OpenSSL: Fix OpenSSL 1.1.0 DH operation

Commit 49fe2ada20d5fd53c0388442d23e7f03086f4d57 ('OpenSSL: Support
OpenSSL 1.1.0 DH opacity') started using the new accessor functions, but
used incorrect success check for the DH_set0_key() call. This resulted
in dh5_init_fixed() failures and double-free on error path if the build
was linked against OpenSSL 1.1.0. Fix this by checking DH_set0_key()
return value to be 1 for the success case.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index fde154f..7f33686 100644 (file)
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -754,7 +754,7 @@ err:
 
        priv_key = BN_bin2bn(wpabuf_head(priv), wpabuf_len(priv), NULL);
        pub_key = BN_bin2bn(wpabuf_head(publ), wpabuf_len(publ), NULL);
-       if (!priv_key || !pub_key || DH_set0_key(dh, pub_key, priv_key) != 0)
+       if (!priv_key || !pub_key || DH_set0_key(dh, pub_key, priv_key) != 1)
                goto err;
        pub_key = NULL;
        priv_key = NULL;